About trust and certificates

Each Trust Store contains three categories of certificates:

Trusted certificates establish a chain of trust that verifies other certificates signed by the trusted roots — for example, to establish a secure connection to a web server. When IT administrators create Configuration Profiles, these trusted root certificates don't need to be included.

Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it.